Roughly one-quarter of agency CIOs and one-third of CISOs are serving on an acting basis one year into the Trump administration.

Donald Trump closed the first year of his presidency this weekend with a slew of vacancies in top information technology and cybersecurity posts, an absence former officials say imperils efforts to upgrade the government’s aging IT infrastructure and could endanger national security.

About one-quarter of CFO Act agency chief information officer slots are filled on an acting basis rather than by permanent career CIOs or political appointees who carry the sanction of the president. That percentage has decreased from the 300-day mark, when acting CIOs lead one-third of agencies, according to a Nextgov tally.

About one-third of agency chief information security officers also hold their jobs on an acting basis. The same is true for the federal chief information officer, the federal chief information security officer and the two top posts in the Homeland Security Department’s cybersecurity and infrastructure protection division, which is substantially responsible for the civilian government’s cybersecurity.

“What I’m seeing is almost treading water,” said Lisa Schlosser, a former deputy federal chief information officer during the Obama administration. “There’s a real lack of leadership.”

Caretakers in Charge

The preponderance of acting tech and cybersecurity leaders is not necessarily a clear and present danger to the government. Most acting CIOs have logged long careers in government and are deeply knowledgeable about their agencies.

They’re caretakers, though, who typically lack a mandate to make big changes. And if there’s one thing current and former tech officials agree on it’s that federal IT is in dire need of change.

Too often, tech and cyber officials are invested in the way things have always been done at their agencies, which can be a killer for reform, Schlosser said.

“When you’re a CIO, you’re a change agent; you’re always driving change,” Schlosser said. “So, if you’ve been in an agency a long time, it’s hard to see what needs to change. It’s hard to lead a disruptive process when you’re used to the way it’s always been.”

Acting CIOs and other officials, though well qualified for their jobs, may also have more trouble rallying support from both superiors and subordinates for major changes, said Mallory Barg Bulman, a vice president for research and evaluation at the Partnership for Public Service.

“I compare it to when my kids have a substitute teacher,” Barg Bulman said. “It’s not that the substitute isn’t terrific, but a sub has less authority than a full-time teacher in the classroom.”

In the case of the Trump administration, an early IT modernization push during the administration’s first year is beginning to bear fruit in year two. The Modernizing Government Technology Act, which will create a $500 million IT modernization fund that agencies can borrow from, passed in December as part of an annual defense policy bill.

Agencies are also adapting operations to comply with a May executive order, which required them to follow a Commerce Department framework for cybersecurity and to hold a top agency official accountable for errors or poor management that lead to a data breach.

The American Technology Council, an ad hoc group created by the president, released an IT modernization plan in December that calls for more investment in cloud technology and more shared IT services across government.

A separate group, the Office of American Innovation, led by the president’s son-in-law Jared Kushner, is also promoting tech modernization.

Those efforts may be stymied, though, if acting CIOs and other officials who don’t think they have the full faith of the administration are hesitant to make big decisions, said Dave Wennergren, a longtime Defense Department official who’s now a managing director at the consultant Deloitte.

“History shows us that reforms and recommendations become reality as they become instantiated into a new way of doing business,” Wennergren said. “To turn bold new ideas into reality, you need to have people in a position that can see the ideas through to execution.”

More Outsiders than Insiders

In addition to non-permanent staff among tech and security officials, Wennergren pointed to vacancies among the top ranks of many agencies and at the White House Office of Management and Budget, which guides policy across the government.

The Trump administration had confirmed 301 political appointees across government as of Jan. 13, according to a tally maintained by the Partnership For Public Service. That’s compared with 452 confirmed at the same time by the Obama administration and 493 by the George W. Bush administration.

The 559 officials Trump has nominated so far, also lags Obama’s 690 nominees and Bush’s 741.

Trump nominated Margaret Weichert to be the government’s top management official—OMB’s deputy director for management—in September, but she has yet to be confirmed by the Senate. The Homeland Security Committee forwarded Weichert’s nomination to the Senate floor earlier this month.

It’s common for a new administration to want to shake up the way the government manages technology and other priorities, Wennergren said. What’s different about the Trump administration is that it seems to have put more effort toward standing up ad hoc, semi-independent and external bodies, such as the American Technology Council and the Office of American Innovation, than to filling the ranks of technology and management leaders who will implement the recommendations those external bodies make.

The result, he said, is that there’s an excess of bold new ideas and a mandate for big changes but there’s a dearth of frontline people who can make day-to-day decisions that ensure those big changes happen and happen right.

“You can get very excited about changing things and coming up with a reform agenda, but those things only become reality if someone’s seeing them through to implementation,” Wennergren said.

The implementation of big new tech ideas may also be stymied by budget uncertainty, Wennergren said. Technology and acquisition officials will feel less confident about committing to major new initiatives when they're funded through a series of short-term continuing resolutions and living under the threat of government shutdowns, he said.

Waiting Their Turn

Trump campaigned as an outsider candidate who would shake up the way government operates. He responded to early questions about the slow pace of nominations by saying he planned to save the government money by not filling many of those posts.

Agency CIO and CISO positions are not among the positions Trump intends to leave vacant, though, nor are top cybersecurity positions at Homeland Security, Trump’s White House Cybersecurity Coordinator Rob Joyce toldNextgov in November.

Joyce predicted a wave of tech and cybersecurity nominations once higher-level management nominations are out of the way.

The percentage of permanent CIOs has increased some since November, however, and with the administration’s second year beginning, time may be running short to fill out the ranks before agencies fall behind on new policy initiatives.

“Technology is moving so quickly,” Schlosser, the Obama administration deputy federal CIO, said. “Every day you have an acting person instead of a new, permanent person who’s committed to change you’re getting further and further behind.